People make mistakes. We can train them, we can write policies and procedures, we can run phishing tests, … and we still won’t have wiped out all the person-induced cyber risk from our organisations, because eventually someone will do something they shouldn’t.
So how should we act when this happens? Accept that we can’t stop all attacks all the time, and brush it off as “one of those things”? Go zero-tolerance on cyber error and call it gross misconduct by default? Can we, for that matter, even have a set policy on how we deal with someone doing something wrong?
This session aims to show, by way of real-world examples, the benefits of working with users who make mistakes rather than using policies as blunt instruments and punishing by default.
Head of Technology Operations & Risk / Chief Information Security Officer,